Numerous technologies are available for automatic verification of a person's identity. The authentication process usually involves verification of what a person knows (e.g., passwords, pass phrases, PINs), has (e.g., tokens, smart cards), is (e.g., fingerprint, hand geometry, facial features, retinal print, iris pattern), or generates (e.g., signature, voice). Use of something known by a person and use of something held by a person are two simple identification/verification solutions widely used today. Biometrics (also known as biometry) is defined as ‘the identification of an individual based on biological traits, such as fingerprints, iris patterns, and facial features,’ and relies on what a person is or can generate.
Using something one knows requires only a good memory, but can on the other hand be easily overheard, seen, or even guessed. An item that one holds can be stolen and used or copied later. Using biometrics might at first seem to overcome these problems since fingerprints, iris patterns, etc. are part of one's body and thus not easily misplaced, stolen, forged, or shared. Indeed, biometrics technology is becoming a preferred standard for identification and authentication in ATMs, credit card transactions, electronic transactions, e-passports, airports, international borders, nuclear facilities and other highly restricted areas. Ironically however, this widespread acceptance of biometrics technology has been attracting the attention of attackers and has provoked interest in exploration of spoofing mechanisms against biometric systems. For example, the thousands of fingerprints that one leaves everywhere in one's daily life can be recovered and molded into artificial fingers for fooling biometrics devices based on fingerprint detection. In an experiment conducted by Matsumoto et al., eleven optical and silicon fingerprint sensors accepted artificial fingers in at least sixty percent of attempts (Tsutomu Matsumoto, Hiroyuki Matsumoto, Koji Yamada and Satoshi Hoshino, ‘Impacts of Artificial ‘Gummy’ Fingers on Fingerprint System’, Optical Society and Counterfeit Deterrence Techniques IV, Proceedings of SPIE, 4677, pp. 275-289, January 2002). Furthermore, with a commercially available high resolution digital camera, the iris pattern of a person's eye can be readily extracted from the person's facial picture and molded into contact lenses to be used to fool machines employing iris pattern recognition. An experiment conducted on two commercial iris recognition devices also showed that one of these devices could be fooled 50% of the time and the other 100% of the time ‘(Tsutomu Matsumoto, Masashi Hirabayashi and Kenji Sato, ‘A Vulnerability of Iris Matching (Part 3)’, Proceedings of the 2004 Symposium on Cryptography and Information Security, the Institute of Electronics, Information and Communication Engineers, pp. 701-706, January 2004).
Although susceptibility of most biometric system to spoofing have been experimented on fingerprint and iris recognition devices as these technologies are used in a variety of commercial products, other biometrics devices can also be spoofed, and to give examples, a dummy hand can be used on a hand geometry system, a high resolution picture can be used on a face recognition system, etc.
One way to counteract such spoofing is to augment a biometric identification means with an aliveness detection method for detecting that an object that is being presented to the biometric authentication system for authentication is not an artificial dummy but a part of a living person. For example, a fingerprint identification means may be augmented by a means that detects the blood pulse of a fingertip so that a fingertip that is presented for authentication can be judged to be that of a living person. However, even this method can be fooled, for example, by covering a living person's fingertip, which provides a pulse, with a thin, plastic-molded artificial fingertip that can provide an authentic fingerprint pattern.